224
only one – "theworldinyourhand" – is virtually uncrackable. It is the number 173 most common password and would take centuries to guess using brute force.
Not anymore. That would get moved towards the top of the rainbow table now.
this post was submitted on 17 Nov 2023
224 points (96.3% liked)
Technology
58143 readers
4500 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
Pass phrases for the passwords you have to type by hand, automatically generated passwords for the things that can autofill from a password manager, MFA for everything that supports it.
Anything less or any password reuse is just asking for trouble.
Yeah, using a pass phrase makes it much easier to remember on top of being more secure. But users should introduce at least a bit more complexity than that example (all lower case letters isn't great). This1sComplexButMemorable! Is an easy example of how you can just make up a relevant sentence to what you're using, include a range of character types for complexity and to meet requirements, and you're good to go. Plus if you make it relevant to what you're logging into, you're less likely to be tempted to reuse the pass.
ThisIsMyMotherfuckingHotmailPassword!
Is an incredibly secure password for Hotmail. And super memorable.
48736915208 No son, you're not watching YouTube.
Handing the security of your accounts to...... mobile carriers... always felt iffy to me.
That's the kind of password an idiot would use on his luggage!
123456, that's the same password that I have on my luggage! Set a course for druidia and change the password on my luggage
Yes, President Scroob!
They got this data from password leaks. Crappy sites that force you to create an unnecessary account for basic usage are arguebly more often part of password leaks.
So it's not a surprise that a huge amount of leaked accounts have passwords like 123456, because that's exactly the right kind of password for a throwaway account that you'll never need again. In the best case coupled to a trashmail email account.
Username: admin
Password: admin
Username: guest
Password: guest
I am in! Oh... I do not have any access
Apparently, people creating new accounts seem to assume the word (password) in the box in light gray font is a suggestion rather than a label.
lol
Being the most common makes them inherently the worst, so that shouldn't surprise anyone.
No mention of descending numbers, looks like 654321 is still safe. Not that uh, I, would have any particular worry about that one, nope.
eyes dart back and forth rapidly
Just waiting for the day when they start calling out those of us who make all our passwords easy to type with one hand.
All your passwords, or only the ones for certain websites?
Funny, I thought only I did that. Looks like a boss when you login to a system with just one hand and at lightning fast speeds.
Good old ]yèî̾ÌP®åÙyJàºséí³Òò&ÚÀxÁõÝÞ/ÍÔ9~B6Æ¿Üïd`ÛÝm®@. Nobody ever guesses that.
Sorry. Your password cannot contain proper nouns like the name of Elon Musk's child.
Your password must contain at least one emoji.
í³Ò
Hunter2, still haven’t been hacked (in the past few weeks)
What hasn't sorry? I can only see *******
That's amazing, I've got the same combination in my username!
Eliska81
How is this popular?
Someone on a different site theorized that password belongs to a bot network. But I haven't seen definitive proof.
I think most of these are for accounts where people don't care if they are hacked or not.
Regardless, this should not be on the individual. The issue is with the website that allows those types of passwords to begin with. There are sites that don't allow special characters at all. Stupid.
The most infuriating thing is websites that actually limit secure passwords (e.g. "password must be between 6 and 12 characters"). Preventing longer passwords makes little sense if they're salting and hashing; and if they're storing the passwords in plain text (which is just about the only reason to limit the max length to anything less than what a person would reasonably remember), that's even worse.
Exactly, I'm not using a real password for a site I don't care about where I have nothing to protect.
I'm using something simple that I can type with one hand.
Something important however? Good luck figuring that out.
Devs out there:
- User: test@example.com
- Pass: Password1!
Everyone knows the correct test credentials are test/test. Even then, that's only if they don't allow blank/no password.
Just like every year...
Gotta mix it up 123456A
Whoa, holup. We can use numbers and letters‽
Hey, how did you guess the password on my luggage?
Mine is 654321
Since it is the opposite sequence, it clearly must be the most secure
There was a huge adobe breach a while back and they made it into a crossword. https://zed0.co.uk/crossword/
![It was bound to happen eventually. This data theft will enable almost limitless [xkcd.com/792]-style password reuse attacks in the coming weeks. There's only one group that comes out of this looking smart: Everyone who pirated Photoshop.](https://imgs.xkcd.com/comics/encryptic.png)
Welp, there goes a few hours of my life. asdfgh! >:o
Have fun.
How tf did these guys get my password?
No significant change from the past couple of decades, then.